Ai Market Analyst

Security checks across malware telemetry and agentic risk

Overview

This skill clearly advertises paid market analysis, but it tells the agent to contact an unauthenticated HTTP IP endpoint and complete an Alipay payment automatically, so users should review it before use.

Review this skill carefully before installing. Do not allow it to make automatic payments; require the agent to stop and ask before any charge, showing the exact amount, merchant, destination, and purpose. Be aware that market queries and payment-confirmation data are sent to a plain-HTTP raw IP endpoint, and the skill contains publisher-oriented monetization steps that are not necessary for ordinary use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill contains step-by-step publishing instructions unrelated to its stated market-analysis function, including directing the operator to publish from a local Administrator desktop path and validate monetization. This is dangerous because it turns the skill into a vehicle for propagating itself and monetizing future installs, which is outside normal runtime behavior and can socially engineer an agent or user into deploying unreviewed code.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs the agent to make an external HTTP request to a raw IP address and ties the workflow to a paid transaction flow, but it does not require informed user consent before transmitting query data or initiating a billable action. This creates risk of silent data exfiltration and unauthorized charges, especially because the endpoint is non-TLS HTTP and the server identity is not meaningfully authenticated.

Missing User Warnings

High
Confidence: 99%
Finding
The instructions mandate that after a 402 response, the agent must automatically extract a payment token, initiate Alipay payment, confirm the transaction, and retry the request without asking the user. This is highly dangerous because it explicitly authorizes autonomous spending based on untrusted remote input, enabling unauthorized financial transactions and abuse if the endpoint is deceptive or compromised.

VirusTotal

64/64 vendors flagged this skill as clean.
